Hash Identifier

Hash Identifier

Updated May 7, 2026

Not sure what a hash is? Detect whether it looks like MD5, SHA-256, bcrypt, or another type.

Try:
0 characters 0 bits (if hex)

Hash Length Reference

Hash TypeHex LengthBitsExample
CRC328323610a686
MD5321285d41402abc4b2a...
SHA-140160aaf4c61ddcc5e8...
SHA-256642562cf24dba5fb0a3...
SHA-5121285129b71d224bd62f3...
bcrypt60-$2a$10$...

Features

  • Analyze hash length, character sets, and formatting
  • Detect likely algorithms (MD5, SHA-1, SHA-256, bcrypt, NTLM, etc.)
  • Identify common password hash formats (Unix crypt, LDAP)
  • Check for salts, iterations, or potential Base64 encoding
  • Client-side analysis of leaked hashes

Common Use Cases

  • Determining what hashing logic a legacy application used
  • Identifying the format of hashes found in leaked database dumps
  • CTF (Capture The Flag) cybersecurity competitions
  • Reverse engineering undocumented APIs
  • Auditing database security and password storage mechanisms

Understanding Hash Identification

A hash is essentially just a string of bytes. Because they are often encoded as hexadecimal or Base64, determining exactly which algorithm produced a given string can be challenging. Hash identification tools use heuristics, pattern matching, and length checks to provide educated guesses.

Identification Factors:

  • Length: A 32-character hex string represents 128 bits (likely MD5 or MD4). A 64-character hex string is 256 bits (likely SHA-256).
  • Character Set: Is it strictly hexadecimal (0-9, a-f)? Does it include upper and lowercase letters with symbols (likely Base64 or bcrypt)?
  • Prefixes/Signatures: Many modern password hashes use Modular Crypt Format (MCF). For example, a hash starting with $2a$ or $2b$ is bcrypt. A hash starting with $6$ is SHA-512 crypt.

Examples

Valid - Bcrypt Hash Example
Input: $2a$10$N9qo8uLOickgx2ZMRZoMyeIjZAgcfl7p92ldGxad68LJZdL17lhWy
Result: Identified as bcrypt (Blowfish)
Valid - Ambiguous 32-character Hex
Input: 5d41402abc4b2a76b9719d911017c592
Result: Possible algorithms include MD5, MD4, NTLM, MD2.

Frequently Asked Questions

Can the identifier guess 100% correctly?

No. Many algorithms produce hashes of the exact same length and format. For example, a 32-character hexadecimal string could be MD5, MD4, or an NTLM Windows password hash. The tool provides the most probable candidates, but context is required to know for sure.

What does a hash starting with $ mean?

This is likely the Modular Crypt Format (MCF), a standard used primarily on Unix/Linux systems to store passwords. The string between the first and second `$` indicates the algorithm (e.g., 1 for MD5, 5 for SHA-256, 6 for SHA-512, 2a for bcrypt). The next segment is usually the cost factor or salt.

πŸ’‘ Tips

  • If you encounter a hash ending in one or two `=` symbols, it is almost certainly Base64 encoded. Decode it from Base64 to Hex first to determine its true length and likely algorithm.
  • In Windows environments, 32-character hex strings are frequently NTLM hashes, not MD5.

Common Mistakes

Assuming a 64-character string is definitely SHA-256. It could be a 32-character password that was accidentally hashed twice, or a completely different 256-bit algorithm like BLAKE2s or SHA-3-256.
Trying to identify a hash without removing leading or trailing whitespace first.